X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=virtual%2Fmodules%2Fdatabases%2Fdefault.nix;h=94d8d75ededd5c134c58fd75c56a2d2a585b56f6;hb=bbba84f5f4185d2e5173a3cb8b3d008c23665e54;hp=e3a56129fa75940faa19fc99dfd5b5992a42293f;hpb=a5365ec3d924a91abdd80c4f58d2158472788de9;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/virtual/modules/databases/default.nix b/virtual/modules/databases/default.nix index e3a5612..94d8d75 100644 --- a/virtual/modules/databases/default.nix +++ b/virtual/modules/databases/default.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let cfg = config.services.myDatabases; in { @@ -73,7 +73,7 @@ in { }; system.activationScripts.postgresql = '' - install -m 0755 -o postgres -g postgres -d /run/postgresql + install -m 0755 -o postgres -g postgres -d ${myconfig.env.databases.postgresql.socket} ''; services.postgresql = rec { 
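Review bot: `install -m 0755 -o postgres -g postgres -d ${myconfig.env.databases.postgresql.socket}` treats the `socket` option as a directory, whereas the redis hunk later in this diff applies `$(dirname …)` to `redis.socket`, so two options with the same name carry different meanings; if `postgresql.socket` ever holds a socket file path, this script creates a directory at that path and the server cannot bind. Consider naming the option after what it is, or at least documenting it in place with `# directory (unix_socket_directories), not a socket file`, and quoting the interpolation since the activation script is a shell snippet: `install -m 0755 -o postgres -g postgres -d "${myconfig.env.databases.postgresql.socket}"`. The `services.postgresql = rec {` body that presumably consumes this value starts outside the hunk.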
@@ -111,21 +111,21 @@ in { }; security.pam.services = let - pam_ldap = pkgs.pam_ldap; - pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD"; - pkgs.writeText "mysql.conf" '' - host ldap.immae.eu - base dc=immae,dc=eu + pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so"; + pam_ldap_mysql = pkgs.writeText "mysql.conf" '' + host ${myconfig.env.ldap.host} + base ${myconfig.env.ldap.base} binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu - bindpw ${builtins.getEnv "NIXOPS_MYSQL_PAM_PASSWORD"} + bindpw ${myconfig.env.databases.mysql.pam_password} + ssl start_tls pam_filter memberOf=cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu ''; - pam_ldap_postgresql_replication = assert mylibs.checkEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"; - pkgs.writeText "postgresql.conf" '' - host ldap.immae.eu - base dc=immae,dc=eu - binddn cn=eldiron,ou=hosts,dc=immae,dc=eu - bindpw ${builtins.getEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"} + pam_ldap_postgresql_replication = pkgs.writeText "postgresql.conf" '' + host ${myconfig.env.ldap.host} + base ${myconfig.env.ldap.base} + binddn ${myconfig.env.ldap.host_dn} + bindpw ${myconfig.env.ldap.password} + ssl start_tls pam_login_attribute cn ''; in [ 
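Review bot: The LDAP bind passwords `${myconfig.env.databases.mysql.pam_password}` and `${myconfig.env.ldap.password}` are still interpolated into files produced by `pkgs.writeText`, so they land world-readable in /nix/store (and in any binary cache the closure is pushed to); the change only moves where the value comes from, not where it ends up. If this is deployed with NixOps, as the removed `NIXOPS_*` names suggest, a deployment key written to a root-owned 0600 path with `config=` pointing at that path would keep the bindpw off the store. The newly added `ssl start_tls` upgrades the connection, but nothing in these files pins the server certificate — unless the pam_ldap defaults are already strict, add `tls_checkpeer yes` and a `tls_cacertfile` line so a man-in-the-middle on the LDAP host cannot harvest the bind credentials. Minor: `binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu` and the `pam_filter` stay hard-coded while `base` is now `${myconfig.env.ldap.base}`; either derive them from it or note that they are intentionally fixed.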
@@ -133,43 +133,38 @@ in { name = "mysql"; text = '' # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/ - auth required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_mysql} - account required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_mysql} + auth required ${pam_ldap} config=${pam_ldap_mysql} + account required ${pam_ldap} config=${pam_ldap_mysql} ''; } { name = "postgresql"; text = '' - auth required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_postgresql_replication} - account required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_postgresql_replication} + auth required ${pam_ldap} config=${pam_ldap_postgresql_replication} + account required ${pam_ldap} config=${pam_ldap_postgresql_replication} ''; } { name = "postgresql_replication"; text = '' - auth required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_postgresql_replication} - account required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_postgresql_replication} + auth required ${pam_ldap} config=${pam_ldap_postgresql_replication} + account required ${pam_ldap} config=${pam_ldap_postgresql_replication} ''; } ]; - # Diaspora: 15 - # Nextcloud: 14 - # Mastodon: 13 - # Mediagoblin: 12 - # wallabag: 0 ? services.redis = rec { enable = config.services.myDatabases.redis.enable; bind = "127.0.0.1"; - unixSocket = "/run/redis/redis.sock"; + unixSocket = myconfig.env.databases.redis.socket; extraConfig = '' unixsocketperm 777 maxclients 1024 ''; }; system.activationScripts.redis = '' - mkdir -p /run/redis - chown redis /run/redis + mkdir -p $(dirname ${myconfig.env.databases.redis.socket}) + chown redis $(dirname ${myconfig.env.databases.redis.socket}) ''; }; }
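Review bot: The redis activation script creates the socket directory with `mkdir -p $(dirname ${myconfig.env.databases.redis.socket})` — the command substitution is unquoted and no mode is set, unlike the postgresql hunk which uses `install -m 0755 -o … -d`; aligning it, `install -m 0755 -o redis -d "$(dirname ${myconfig.env.databases.redis.socket})"`, makes the permissions explicit and replaces the separate `chown`. With the unchanged `unixsocketperm 777` (and no `requirepass` visible here) every local account can talk to redis once the directory is traversable, so the directory mode should be a deliberate choice rather than whatever the umask yields; if only specific service users need the socket, a group-owned directory and `unixsocketperm 660` would be tighter. The removed `# Diaspora: 15 … # wallabag: 0 ?` comment was the only record of which redis database index each service uses; if that allocation is not tracked elsewhere, keep it next to `services.redis`.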